Cyber and Health: What is happening and how? Morten von Seelen, Cyber Ops
The bomber will always get through

"I think it is well also for the man in the street to realise that there is no power on earth that can protect him from being bombed. Whatever people may tell him, the bomber will always get through. The only defence is in offence, which means that you have to kill more women and children more quickly than the enemy if you want to save yourselves... if the conscience of the young men should ever come to feel, with regard to this one instrument [bombing], that it is evil and should go, the thing will be done; but if they do not feel like that, well, as I say, the future is in their hands. But when the next war comes, and European civilisation is wiped out, as it will be, and by no force more than that force, then do not let them lay blame on the old men. Let them remember that they, principally, or they alone, are responsible for the terrors that have fallen upon the earth." [2][3][4]
Very topical
The threat comes from outside. Period. Source: Verizon/Deloitte Data Breach Investigations Report 2015
Deloitte Copyright 2016 Deloitte & Touche Oy. All rights reserved.
1. Lack of time, budget and expertise to implement comprehensive security functions.
2. No dedicated IT security staff on the payroll.
3. Lack of awareness of risk.
4. Absence of system overview and documentation.
5. Lack of employee training.
6. Failure to update systems.
7. Outsourcing of security to unqualified third parties or system administrators.
8. Lack of endpoint hardening.
(Diagram: High Risk Locations. Third Parties: vendors, fourth party, client-specific and industry-specific. Cyber: remote connections (VPN, file transfer), cloud/SaaS connections, B2B connections, infrastructure, databases, personal computers, internally hosted and third-party hosted systems, off-the-shelf applications, (web) applications and mobile applications. Human Elements: inadvertent damage and malicious exfiltration. Physical Locations: geographic core location and building access. Security measures shown: access control, security & monitoring.)
Common MO: how businesses are attacked in 2016
1. Phishing (ransomware etc.)
2. Social Engineering
3. CEO / BEC Fraud
4. Network hacking (including wifi)
5. Website hacking
6. Social Media Hacking
Ransomware: modern highway robbery
Phishing

Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. [1][2]
Deloitte phishing test
Results of the simulation are summarized in the chart (chart not reproduced here).
Social Engineering: Phishing
CEO Fraud / BEC Fraud
Social Media Hacking
Network Attack: vulnerabilities give access further into the company
Network Attack - Wifi
There are several ways to get onto the network.
Web hacking
Where do you want to sit? Talk about it!

(Diagram: Cyber Security Maturity Levels, Level 1 to Level 5, from Blissful Ignorance to Operational Excellence, with example positions for sectors such as Military & Defence and Consumer Business & Life Sciences. Capability areas and the capabilities shown along each area, from least to most mature:
- Training & Awareness: Acceptable Usage Policy; General Information Security Training & Awareness; Targeted Intelligence-Based Cyber Security Awareness; Business Partner Cyber Security Awareness.
- Cyber Attack Preparation: IT BC & DR Exercises; IT Cyber Attack Simulations; Business-Wide Cyber Attack Exercises; Sector-Wide & Supply Chain Cyber Attack Exercises.
- Asset Protection: Basic Network Protection; Ad Hoc Infrastructure & Application Protection; Enterprise-Wide Infrastructure & Application Protection; Identity-Aware Information Protection; Adaptive & Automated Security Control Updates.
- E-Discovery & Forensics: Ad Hoc System / Malware Forensics; Automated Malware Forensics & Manual Electronic Discovery; Automated Electronic Discovery & Forensics.
- Intelligence Collaboration: Ad-hoc Threat Intelligence Sharing with Peers; Government / Sector Threat Intelligence Collaboration; Global Cross-Sector Threat Intelligence Sharing.
- External Threat Intelligence: Basic Online Brand Monitoring; Online Brand & Social Media Policing; Commercial & Open Source Threat Intelligence Feeds; Criminal / Hacker Surveillance; Baiting & Counter-Threat Intelligence.
- Behavioural Analytics: Network & System Centric Activity Profiling; Workforce / Customer Behaviour Profiling; Real-time Business Risk Analytics & Decision Support.
- Security Event Monitoring: IT Service Desk & Whistleblowing; Security Log Collection & Ad Hoc Reporting; 24x7 Technology Centric Security Event Reporting; External & Internal Threat Intelligence Correlation; Cross-Channel Malicious Activity Detection.
- Internal Threat Intelligence: Traditional Signature-Based Security Controls; Periodic IT Asset Vulnerability Assessments; Automated IT Asset Vulnerability Monitoring; Targeted Cross-Platform User Activity Monitoring; Tailored & Integrated Business Process Monitoring.
Other labels on the diagram: Brand Monitoring, Proactive Threat Management, Situational Awareness of Cyber Threats, Transformation.)
Our (attempt at a) solution: Overview! Know your weaknesses and threats. Demand an overview!
Ask yourselves
1. Is our SPF record set up correctly?
2. How long can we at most be down because of an IT outage?
3. Is responsibility for security defined?
4. Do we have two-factor authentication on access from outside?
5. Do our employees protect the company's information with passwords like [companyname][year]?
6. Is our IT security policy up to date with modern threats?
7. Is our network VLAN-segmented?
8. Does our backup survive even if it is an IT employee who is hit by ransomware?
9. Do we have procedures in place for transferring money?
10. Do we collect log files in a central place?
11. Do our contingency plans cover cyber terror?
12. Are our local machines secured with something other than antivirus?
13. Do we have control of our data processing agreements?
14. Do employees store sensitive documents on their laptops, and if so, are the laptops encrypted?
15. Are we ready for GDPR?
16. Is access to the financial systems sufficiently secure?
17. Does management actually know the state of IT security in the company?
18. Can our IT staff handle a real hacker attack?
19. Have you yourselves communicated the security requirements clearly enough?
Morten von Seelen mvonseelen@deloitte.dk 3093 5033 02.02.2017